The Regime Is Sponsoring Cryptocurrency Hacker Groups
Attacks on cryptocurrency platforms have been on the rise in the past two years, with sophisticated hacker groups, specifically in China and Russia, believed to be behind the schemes. According to a recent report released by the cybersecurity firm Group-IB, Pyongyang also backs some of the most successful hacker syndicates on the planet, the most notable being the Lazarus hacker unit. In most cases, the syndicates target world financial institutions and cryptocurrency trading platforms.
With over a billion dollars' worth of cryptocurrencies stolen from various platforms over the past two years, Lazarus was specifically responsible for siphoning off over $500 million worth of digital assets from exchange networks.
Cryptocurrency exchange platforms that have fallen victim to its schemes include Bithumb, Yapizon, YouBit, Coinis, and Coincheck. Such groups commonly use spear phishing for their exploits.
North Korea Backing Scam Coins
Pyongyang's cyber units have also been involved in a spate of scam coin setups to illicitly obtain funds from unsuspecting investors. Among recent discoveries was a scam coin dubbed Marine Chain, which the state of Ontario declared a fraud. Now defunct, it allowed for the tokenization of marine vessels.
Clients lured in by the scheme lost their investments on the platform, allegedly set up by enablers in Singapore. Its website was hosted on four different IP addresses on different occasions. Some users also noted striking similarities with another platform called shipowner.io.
North Korean scammers may also be behind another scam coin dubbed Stellar Holdings or HOLD. Unusual activity involving the HOLD altcoin was detected between the months of March and August. Experts started to notice significant data transfer volumes during this period. Several network nodes indicated significant activity, especially during June.
The team behind the coin reportedly generated interest and revenue at the beginning of the year through a technique called stacking. It involves allowing miners to mine the cryptocurrency and add to its value and growth momentum before giving them permission to trade. Participants generally take on significant risks when taking part in such schemes because trades and time-frames are limited by coin developers.
There is also the real risk that the coin will depreciate in value before miners can trade. In August, the HOLD coin was apparently rebranded to HUZU after being listed and delisted on several cryptocurrency platforms. The change reportedly led to major financial losses among its investors.